/**
* @return void
*/
public function action_index()
{
$this->template->content->active = "options";
$session = Session::instance();
// Check for post
if ($this->request->method() === "POST") {
$bucket_name = trim($this->request->post('bucket_name'));
// Check for updates to the bucket name
if (Valid::not_empty($bucket_name) and strcmp($bucket_name, $this->bucket['name']) !== 0) {
$bucket_id = $this->bucket['id'];
$parameters = array('name' => $bucket_name, 'public' => (bool) $this->request->post('bucket_publish'));
//
if (($bucket = $this->bucket_service->modify_bucket($bucket_id, $parameters, $this->user)) != FALSE) {
$session->set('message', __("Bucket settings successfully saved"));
// Reload the settings page using the updated bucket name
$this->redirect($bucket['url'] . '/settings', 302);
} else {
$session->set('error', __("The bucket settings could not be updated"));
}
}
}
// Set the messages and/or error messages
$this->template->content->set('message', $session->get('message'))->set('error', $session->get('error'));
$this->settings_content = View::factory('pages/bucket/settings/display')->bind('bucket', $this->bucket)->bind('collaborators_view', $collaborators_view);
// Collaboraotors view
$collaborators_view = View::factory('/template/collaborators')->bind('fetch_url', $fetch_url)->bind('collaborator_list', $collaborators);
$fetch_url = $this->bucket_base_url . '/collaborators';
$collaborators = json_encode($this->bucket_service->get_collaborators($this->bucket['id']));
$session->delete('message');
$session->delete('error');
}
public function check_code($value)
{
$_site_type = empty($this->_original_values['type']) ? $this->_object['type'] : $this->_original_values['type'];
if ($_site_type === 'master') {
return !Valid::not_empty($value);
} else {
return Valid::not_empty($value);
}
}
/**
* Validate the domain of an email address by checking if the domain has a
* valid MX record and is nmot blaklisted as a temporary email
*
* @link http://php.net/checkdnsrr not added to Windows until PHP 5.3.0
*
* @param string $email email address
* @return boolean
*/
public static function email_domain($email)
{
if (!Valid::not_empty($email)) {
return FALSE;
}
// Empty fields cause issues with checkdnsrr()
$domain = preg_replace('/^[^@]++@/', '', $email);
if (core::config('general.black_list') == TRUE and in_array($domain, self::get_banned_domains())) {
return FALSE;
}
// Check if the email domain has a valid MX record
return (bool) checkdnsrr($domain, 'MX');
}
public static function check_data($value, $data)
{
switch ($data['type']) {
case 'static':
return TRUE;
case 'module':
return Valid::not_empty($value) and Valid::alpha_dash($value) and $value != '-';
case 'page':
return Valid::not_empty($value) and Valid::digit($value) and $value != '-' and $data['id'] != $value;
case 'url':
return Valid::not_empty($value) and Model_Page::check_link($value) and $value != '-';
}
return FALSE;
}
/**
* Checks that at least $needed of $fields are not_empty
*
* @param array array of values
* @param integer Number of fields required
* @param array Field names to check.
* @return boolean
*/
public static function at_least($validation, $needed = 1, $fields)
{
$found = 0;
foreach ($fields as $field)
{
if (isset($validation[$field]) AND Valid::not_empty($validation[$field]))
{
$found++;
}
}
if ($found >= $needed)
return TRUE;
$validation->error($fields[0], 'at_least', array($needed, $fields));
}
/**
* Validate the domain of an email address by checking if the domain has a
* valid MX record.
*
* @link http://php.net/checkdnsrr not added to Windows until PHP 5.3.0
*
* @param string $email email address
*
* @return boolean
*/
public static function email_domain($email)
{
if (!Valid::not_empty($email)) {
return false;
}
// Empty fields cause issues with checkdnsrr()
// Check if the email domain has a valid MX record
return (bool) checkdnsrr(preg_replace('/^[^@]++@/', '', $email), 'MX');
}
public function token()
{
// Validate the request
$request_params = $this->validate_token_params();
// Response Params
$response_params = array('token_type' => OAuth2::TOKEN_TYPE_BEARER, 'expires_in' => Model_OAuth2_Access_Token::$lifetime);
$client = Model_OAuth2_Client::find_client($request_params['client_id'], $request_params['client_secret']);
$user_id = NULL;
if ($request_params['grant_type'] == OAuth2::GRANT_TYPE_AUTH_CODE) {
$auth_code = Model_OAuth2_Auth_Code::find_code($request_params['code']);
$user_id = $auth_code->user_id;
$auth_code->delete();
} elseif ($request_params['grant_type'] == OAuth2::GRANT_TYPE_REFRESH_TOKEN) {
$refresh_token = Model_OAuth2_Refresh_Token::find_token($request_params['refresh_token']);
$user_id = $refresh_token->user_id;
$refresh_token->delete();
} elseif ($request_params['grant_type'] == OAuth2::GRANT_TYPE_CLIENT_CREDENTIALS) {
$user_id = NULL;
} elseif ($request_params['grant_type'] == OAuth2::GRANT_TYPE_PASSWORD) {
$user_id = $this->_validate_user($request_params['username'], $request_params['password']);
}
// Generate an access token
$access_token = Model_OAuth2_Access_Token::create_token($request_params['client_id'], $user_id, $request_params['scope']);
$response_params['access_token'] = $access_token->access_token;
// If refreh tokens are supported, add one.
if (in_array(OAuth2::GRANT_TYPE_REFRESH_TOKEN, OAuth2::$supported_grant_types)) {
// Generate a refresh token
$refresh_token = Model_OAuth2_Refresh_Token::create_token($request_params['client_id'], $user_id, $request_params['scope']);
$response_params['refresh_token'] = $refresh_token->refresh_token;
}
// Add scope if needed
if (Valid::not_empty($request_params['scope'])) {
$response_params['scope'] = $request_params['scope'];
}
return json_encode($response_params);
}
/**
* Links restful api
*/
public function action_places()
{
// Is the logged in user an owner?
if (!$this->owner) {
throw new HTTP_Exception_403();
}
$this->template = "";
$this->auto_render = FALSE;
$droplet_id = intval($this->request->param('id', 0));
$place_id = intval($this->request->param('id2', 0));
switch ($this->request->method()) {
case "POST":
$places_array = json_decode($this->request->body(), true);
$place_name = $places_array['place_name'];
if (!Valid::not_empty($place_name)) {
$this->response->status(400);
$this->response->headers('Content-Type', 'application/json');
$errors = array(__("Invalid location"));
echo json_encode(array('errors' => $errors));
return;
}
$account_id = $this->visited_account->id;
$place_orm = Model_Account_Droplet_Place::get_place($place_name, $droplet_id, $account_id);
echo json_encode(array('id' => $place_orm->place->id, 'place_name' => $place_orm->place->place_name, 'place_name_canonical' => $place_orm->place->place_name_canonical));
break;
case "DELETE":
Model_Droplet::delete_place($droplet_id, $place_id, $this->visited_account->id);
break;
}
}
public function check()
{
if (JsonApiApplication::$profiling === TRUE) {
$benchmark = Profiler::start('Validation', __FUNCTION__);
}
$data = $this->_errors = array();
$original = $this->_data;
$expected = Arr::merge(array_keys($original), array_keys($this->_labels));
$rules = $this->_rules;
foreach ($expected as $field) {
$data[$field] = Arr::get($this, $field);
if (isset($rules[TRUE])) {
if (!isset($rules[$field])) {
$rules[$field] = array();
}
$rules[$field] = array_merge($rules[$field], $rules[TRUE]);
}
}
$this->_data = $data;
unset($rules[TRUE]);
$this->bind(':validation', $this);
$this->bind(':data', $this->_data);
foreach ($rules as $field => $set) {
$value = $this[$field];
$this->bind(array(':field' => $field, ':value' => $value));
foreach ($set as $array) {
list($rule, $params) = $array;
foreach ($params as $key => $param) {
if (is_string($param) and array_key_exists($param, $this->_bound)) {
$params[$key] = $this->_bound[$param];
}
}
$error_name = $rule;
if (is_array($rule)) {
if (is_string($rule[0]) and array_key_exists($rule[0], $this->_bound)) {
$rule[0] = $this->_bound[$rule[0]];
}
$error_name = $rule[1];
$passed = call_user_func_array($rule, $params);
} elseif (!is_string($rule)) {
$error_name = FALSE;
$passed = call_user_func_array($rule, $params);
} elseif (method_exists('Valid', $rule)) {
$method = new ReflectionMethod('Valid', $rule);
$passed = $method->invokeArgs(NULL, $params);
} elseif (strpos($rule, '::') === FALSE) {
$function = new ReflectionFunction($rule);
$passed = $function->invokeArgs($params);
} else {
list($class, $method) = explode('::', $rule, 2);
$method = new ReflectionMethod($class, $method);
$passed = $method->invokeArgs(NULL, $params);
}
if (!in_array($rule, $this->_empty_rules) and !Valid::not_empty($value)) {
continue;
}
if ($passed === FALSE and $error_name !== FALSE) {
$this->error($field, $error_name, $params);
break;
} elseif (isset($this->_errors[$field])) {
break;
}
}
}
unset($this->_bound[':validation']);
unset($this->_bound[':data']);
unset($this->_bound[':field']);
unset($this->_bound[':value']);
$this->_data = $original;
if (isset($benchmark)) {
Profiler::stop($benchmark);
}
return empty($this->_errors);
}
protected function _valid_group($group)
{
// Group cannot be empty
if (!Valid::not_empty($group)) {
return FALSE;
}
// Can only consist of alpha-numeric values, dashes, underscores, and slashes
if (preg_match('/[^a-zA-Z0-9\\/_-]/', $group)) {
return FALSE;
}
// Must also contain at least one alpha-numeric value
if (!preg_match('/[a-zA-Z0-9]/', $group)) {
return FALSE;
}
// --group="/" breaks things but "a/b" should be allowed
return TRUE;
}
public function action_newUser()
{
// echo '<pre>'; print_r($_POST); exit;
// form post handling
if (isset($_POST) && Valid::not_empty($_POST)) {
// validate
$post = Validation::factory($_POST)->rule('email', 'not_empty')->rule('email', 'email')->rule('email', 'email_domain')->rule('username', 'not_empty')->rule('username', Kohana::$config->load('musyme.account.create.username.format'))->rule('username', 'min_length', array(':value', Kohana::$config->load('musyme.account.create.username.min_length')))->rule('username', 'max_length', array(':value', Kohana::$config->load('musyme.account.create.username.max_length')))->rule('password', 'not_empty')->rule('password', 'min_length', array(':value', Kohana::$config->load('musyme.account.create.password.min_length')))->rule('password', array($this, 'pwdneusr'), array(':validation', ':field', 'username'));
if ($post->check()) {
// save
$model = ORM::factory('User');
$model->values(array('email' => $post['email'], 'username' => HTML::entities(strip_tags($post['username'])), 'password' => $post['password']));
try {
$model->save();
$model->add('roles', ORM::factory('Role')->where('name', '=', 'login')->find());
$model->add('roles', ORM::factory('Role')->where('name', '=', 'participant')->find());
$this->redirect('dashboard/users');
} catch (ORM_Validation_Exception $e) {
$errors = $e->errors('user');
}
} else {
$errors = $post->errors('user');
}
}
// TODO i18n
$this->template->title = __('Create an account');
// display
$this->template->content = View::factory('dashboard/users/new')->bind('post', $post)->bind('errors', $errors);
}
/**
* XHR endpoint for managing a user's buckets
*/
public function action_buckets()
{
$this->template = "";
$this->auto_render = FALSE;
switch ($this->request->method()) {
case "POST":
$payload = json_decode($this->request->body(), TRUE);
if (Valid::not_empty($payload['name'])) {
$bucket_name = $payload['name'];
$bucket = $this->bucket_service->create_bucket($bucket_name, $this->user);
$this->response->headers("Content-Type", "application/json;charset=UTF-8");
echo json_encode($bucket);
}
break;
case "DELETE":
$bucket_id = $this->request->param('id', 0);
$this->bucket_service->delete_bucket($bucket_id);
break;
}
}
/**
* Checks if a field is set.
*
* Modified version of Validate::not_empty, also accepts FALSE
* as a valid value
*
* @return boolean
*/
public static function required($value)
{
return Valid::not_empty($value) || $value === FALSE;
}
/**
* Tests Valid::not_empty()
*
* Checks if a field is not empty.
*
* @test
* @dataProvider provider_not_empty
* @param mixed $value Value to check
* @param boolean $empty Is the value really empty?
*/
public function test_not_empty($value, $empty)
{
return $this->assertSame($empty, Valid::not_empty($value));
}
public function action_password()
{
// user already logged in, redirect to dashboard
if (Auth::instance()->logged_in('participant')) {
$this->request->redirect('dashboard');
}
// try to match
if (isset($_GET['token']) && isset($_GET['email'])) {
if (strlen($_GET['token']) == 32 && Valid::email($_GET['email'])) {
// match $_GET with user
$user = ORM::factory('user')->where('email', '=', $_GET['email'])->where('reset_token', '=', $_GET['token'])->find();
if ($user->loaded()) {
$found = 1;
} else {
$found = 0;
}
} else {
$this->request->redirect();
}
} else {
$this->request->redirect();
}
// handle post
if (isset($_POST) && Valid::not_empty($_POST)) {
// validate the login form
$post = Validation::factory($_POST)->rule('username', 'not_empty')->rule('password', 'not_empty')->rule('password', 'min_length', array(':value', Kohana::$config->load('ko32example.account.create.password.min_length')))->rule('password', array($this, 'pwdneusr'), array(':validation', ':field', 'username'));
// if the form is valid and the username and password matches
if ($post->check()) {
// modify the password
$user->reset_token = NULL;
$user->password = $post['password'];
$user->save();
// log the user
if (Auth::instance()->login($post['username'], $post['password'])) {
Session::instance()->set('success_pwd', 1);
$this->request->redirect('dashboard');
}
} else {
$errors = $post->errors('user');
}
}
// display
$this->template->title = 'Reset password step 2';
$this->template->content = View::factory('account/password')->bind('post', $post)->bind('errors', $errors)->bind('found', $found)->bind('user', $user);
}
/**
* Executes all validation rules. This should
* typically be called within an if/else block.
*
* if ($validation->check())
* {
* // The data is valid, do something here
* }
*
* @param boolean allow empty array?
* @return boolean
*/
public function check()
{
if (Kohana::$profiling === TRUE) {
// Start a new benchmark
$benchmark = Profiler::start('Validation', __FUNCTION__);
}
// New data set
$data = $this->_errors = array();
// Store the original data because this class should not modify it post-validation
$original = $this->getArrayCopy();
// Get a list of the expected fields
$expected = Arr::merge(array_keys($original), array_keys($this->_labels));
// Import the rules locally
$rules = $this->_rules;
foreach ($expected as $field) {
// Use the submitted value or NULL if no data exists
$data[$field] = Arr::get($this, $field);
if (isset($rules[TRUE])) {
if (!isset($rules[$field])) {
// Initialize the rules for this field
$rules[$field] = array();
}
// Append the rules
$rules[$field] = array_merge($rules[$field], $rules[TRUE]);
}
}
// Overload the current array with the new one
$this->exchangeArray($data);
// Remove the rules that apply to every field
unset($rules[TRUE]);
// Bind the validation object to :validation
$this->bind(':validation', $this);
// Execute the rules
foreach ($rules as $field => $set) {
// Get the field value
$value = $this[$field];
// Bind the field name and value to :field and :value respectively
$this->bind(array(':field' => $field, ':value' => $value));
foreach ($set as $array) {
// Rules are defined as array($rule, $params)
list($rule, $params) = $array;
foreach ($params as $key => $param) {
if (is_string($param) and array_key_exists($param, $this->_bound)) {
// Replace with bound value
$params[$key] = $this->_bound[$param];
}
}
// Default the error name to be the rule (except array and lambda rules)
$error_name = $rule;
if (is_array($rule)) {
// This is an array callback, the method name is the error name
$error_name = $rule[1];
$passed = call_user_func_array($rule, $params);
} elseif (!is_string($rule)) {
// This is a lambda function, there is no error name (errors must be added manually)
$error_name = FALSE;
$passed = call_user_func_array($rule, $params);
} elseif (method_exists('Valid', $rule)) {
// Use a method in this object
$method = new ReflectionMethod('Valid', $rule);
// Call static::$rule($this[$field], $param, ...) with Reflection
$passed = $method->invokeArgs(NULL, $params);
} elseif (strpos($rule, '::') === FALSE) {
// Use a function call
$function = new ReflectionFunction($rule);
// Call $function($this[$field], $param, ...) with Reflection
$passed = $function->invokeArgs($params);
} else {
// Split the class and method of the rule
list($class, $method) = explode('::', $rule, 2);
// Use a static method call
$method = new ReflectionMethod($class, $method);
// Call $Class::$method($this[$field], $param, ...) with Reflection
$passed = $method->invokeArgs(NULL, $params);
}
// Ignore return values from rules when the field is empty
if (!in_array($rule, $this->_empty_rules) and !Valid::not_empty($value)) {
continue;
}
if ($passed === FALSE and $error_name !== FALSE) {
// Add the rule to the errors
$this->error($field, $error_name, $params);
// This field has an error, stop executing rules
break;
}
}
}
// Restore the data to its original form
$this->exchangeArray($original);
if (isset($benchmark)) {
// Stop benchmarking
Profiler::stop($benchmark);
}
return empty($this->_errors);
}
/**
* Add extra parameter validation
*/
public function build_validation(Validation $validation)
{
return parent::build_validation($validation)->rule('source', 'not_empty')->rule('source', 'in_array', array(':value', array('api', 'sql')))->rule('url', 'url')->rule('url', function ($validation, $field, $value, $data) {
if ($data['source'] == 'api' and !Valid::not_empty($value)) {
$validation->error($field, 'not_empty');
}
}, array(':validation', ':field', ':value', ':data'))->rule('use-external', function ($validation, $field, $value, $data) {
if ($value === TRUE) {
return TRUE;
}
if (is_string($value) and !Valid::url($value)) {
$validation->error($field, 'url');
}
return FALSE;
}, array(':validation', ':field', ':value', ':data'))->rule('username', function ($validation, $field, $value, $data) {
if ($data['source'] == 'sql' and !Valid::not_empty($value)) {
$validation->error($field, 'not_empty');
}
}, array(':validation', ':field', ':value', ':data'))->rule('database', function ($validation, $field, $value, $data) {
if ($data['source'] == 'sql' and !Valid::not_empty($value)) {
$validation->error($field, 'not_empty');
}
}, array(':validation', ':field', ':value', ':data'))->rule('clean', function ($validation, $field, $value, $data) {
if ($value !== FALSE and is_string($data['use-external'])) {
$validation->error($field, 'incompatible_use_external');
}
}, array(':validation', ':field', ':value', ':data'))->rule('batch-size', 'numeric')->rule('form-id', 'numeric')->rule('oauth-client-id', 'not_empty')->rule('oauth-client-secret', 'not_empty')->rule('dest-username', 'not_empty');
}
